( 2014. 10. 15. )
Docker 캐쥬얼톡에서 발표한 내용입니다. 크게 3부분으로 나누어져 있습니다.
1. Docker Registry on Local Machine
2. Docker Registry on AWS ( EC2, S3 )
3. Docker Registry with Basic Authentication
각각의 내용들에 대해서는 개인 블로그에서도 살펴보실 수 있습니다. ( http://blog.ansuchan.com )
docker
run
registry
$
docker
run
-‐-‐name
local-‐registry
-‐d
-‐p
5000:5000
registry
d530e2564a47a8d5d42a6e2aa65dc9ab6975e5ff48d5602bfb9f6c524
CMD
Result
docker
run
nginx
$
docker
run
-‐-‐name
nginx-‐registry
-‐d
-‐v
~/nginx.conf:/etc/nginx.conf
#
설정
파일
-‐-‐link
docker-‐registry:docker-‐registry
#
컨테이너
링킹
-‐p
80:80
nginx
1fa1eeaa48975680315d73b1499883bc416bdbba63adf4a94b913e377
CMD
Result
docker
push
$
docker
push
registry.dobestan.com/hello_world
CMD
The
push
refers
to
a
repository
[registry.dobestan.com:5000/
Result
hello_world]
Sending
image
list
Pushing
repository
registry.dobestan.com/hello_world
(1
tags)
511136ea3c5a:
Image
successfully
pushed
42eed7f1bf2a:
Image
successfully
pushed
120e218dd395:
Image
successfully
pushed
a9eb17255234:
Image
successfully
pushed
1ca10bda6835:
Image
successfully
pushed
82bdf77324c2:
Image
successfully
pushed
Pushing
tag
for
rev
[82bdf77324c2]
on
{http://registry.dobestan.com/
v1/repositories/hello_world/tags/latest}
htpasswd
.htpasswd
is
a
flat-‐file
used
to
store
usernames
and
password
for
basic
authentication
on
an
Apache
HTTP
Server
$
sudo
apt-‐get
-‐y
install
apache2-‐utils
CMD
htpasswd
$
htpasswd
-‐c
.htpasswd
dobestan
New
password:
Re-‐type
new
password:
Adding
password
for
user
dobestan
CMD
Result
$
cat
.htpasswd
dobestan:$apr1$mtXLPDLn$YXdZDqy8Rrbtq39iieV2B0
CMD
Result
docker
push
$
docker
push
54.64.158.154/hello_world
CMD
Result
The
push
refers
to
a
repository
[54.64.158.154/hello_world]
Sending
image
list
Pushing
repository
54.64.158.154/hello_world
(1
tags)
511136ea3c5a:
Pushing
2014/09/20
23:36:39
HTTP
code
401,
Docker
will
not
send
auth
headers
over
HTTP.
Self
Signed
Certi
$
openssl
genrsa
-‐out
private_key.pem
2048
CMD
1.
개인키
생성하기
Self
Signed
Certi
$
openssl
req
-‐new
-‐key
private_key.pem
-‐out
server.csr
Country
Name
(2
letter
code)
[AU]:KO
State
or
Province
Name
(full
name)
[Some-‐State]:Seoul
Locality
Name
(eg,
city)
[]:Seoul
Organization
Name
(eg,
company):Dreampic
Organizational
Unit
Name
(eg,
section)
[]:Dev
Common
Name
(e.g.
server
FQDN
or
YOUR
name)
[]:54.64.158.154
Email
Address
[]:dobestan@gmail.com
CMD
Result
2.
CSR
생성하기
Self
Signed
Certi
3.
$
openssl
x509
-‐req
-‐days
365
-‐in
server.csr
-‐signkey
private_key.pem
-‐out
server.crt
CMD
Result
인증서
발급하기
Signature
ok
subject=/C=KO/ST=Seoul/L=Seoul/O=Dreampic/OU=Dev/CN=54.64.158.154/
emailAddress=dobestan@gmail.com
Getting
Private
key
Self
Signed
Certi
4.
인증서
설치하기
$
sudo
cp
server.crt
/usr/share/ca-‐certificates/ CMD
$
echo
"server.crt"
|
sudo
tee
-‐a
/etc/ca-‐certificates.conf
CMD
$
sudo
update-‐ca-‐certificates
CMD
Result
Updating
certificates
in
/etc/ssl/certs...
1
added,
0
removed;
done.
Running
hooks
in
/etc/ca-‐certificates/update.d....done.
docker
login
$
docker
login
54.64.158.154
CMD
Result
Username:
dobestan
Password:
Email:
dobestan@gmail.com
2014/09/25
14:16:25
Error
response
from
daemon:
Invalid
Registry
endpoint:
Get
https://54.64.158.154/v1/_ping:
x509:
cannot
validate
certificate
for
54.64.158.154
because
it
doesn't
contain
any
IP
SANs
Error
response
from
daemon:
Invalid
Registry
endpoint
x509:
cannot
validate
certificate
for
it
doesn't
contain
any
IP
SANs
Self
Signed
Certi
$
openssl
req
-‐new
-‐key
private_key.pem
-‐out
server.csr
Country
Name
(2
letter
code)
[AU]:KO
State
or
Province
Name
(full
name)
[Some-‐State]:Seoul
Locality
Name
(eg,
city)
[]:Seoul
Organization
Name
(eg,
company):Dreampic
Organizational
Unit
Name
(eg,
section)
[]:Dev
Common
Name
:
registry.dobestan.com
Email
Address
[]:dobestan@gmail.com
CMD
Result
2.
CSR
생성하기
:
도메인
이름으로